Haha, it's been pretty easy so far -- considering how I've never performed these exploits before. It's not nearly as hard as notpron, because the puzzles are actually documented.

The first and second puzzles are ridiculously easy IMO and just require cleverness. I got lucky on the 3rd puzzle as it actually requires a bit of hexadecimal math and calculations -- I just guessed well. The 4th requires a bit more math and has me stuck trying to figure out how many characters I need to put my code in the right spot.

Hint for the first one: the vulnerable code is:

Code:

system("date");

which is the equivalent of using a terminal to do:

Code:

$ date

Since the system uses the environment variable "PATH" to resolve where the "date" program is, you can exploit that by changing the "date" that it decides to call -- perhaps one that gives away sensitive information:

Code:

#!/bin/bash
echo /home/level02/.password

The idea is that the executable is setuid (level02), which means when you (level01) run it, it gives the executable the privileges of level02 to run. Administrators sometimes do this to give people very limited access, but as you can see -- doing it incorrectly is very dangerous. If you are careless, you can accidentally call, and in turn execute, code that you would not want to run, but a malicious intruder would love for you to run.

Continued level01 hint to solution:

Finding a place to write your code is a bit annoying, but you should put it in the tmp folder that they give you and make note of where it is; you won't be able to "ls" to find it. Changing the PATH variable is a cakewalk and will allow you to run malevolent code quickly:

Code:

$ PATH=/tmp/weirddirectory:$ PATH

-- but without the space between $ and the second PATH... forums are scrubbing my code and won't let me type "$p" followed by "ath".

Working in a virtual machine is crazy awesome - it's like being in the red light district with a full-body latex suit. I've been trying to get d3d to opengl translation so that my virtual machine acts like wine++ rather than windows--. That experimentation is enough to make a 90s computer literate child cringe. I've been randomly downloading registry modifications and running them without even blinking an eye, batch files and the like. I ran a script on c:/windows/ that modified the ownership attributes of every file. I forced system32 and syswow64 to be write/modify (in W7 there's a failsafe to prevent people from "deleting system32"). I put a bunch of modified dlls in my system folder. I love it. I can play with fire and never get burned. I just save the machine state before I do something sketch and if I DUN GOOFED, I just roll back. The consequences will literally never be the same.
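For the setuid `system("date")` pattern in the level01 hint above, here is the vulnerable call beside a hardened form, as an added example that is not part of the original post or the challenge's code. The names `run_fixed` and `print_date_hardened`, the `/bin/date` location and the contents of the clean environment are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed environment handed to the child; nothing is inherited from the caller. */
static char *const CLEAN_ENV[] = { "PATH=/usr/bin:/bin", "LC_ALL=C", NULL };

/* The pattern from the post: system() runs "/bin/sh -c date", and the shell
 * looks "date" up in the PATH supplied by whoever started the program. */
int print_date_vulnerable(void) {
    return system("date");
}

/* Run argv[0] with no shell and no inherited environment.
 * Returns the child's exit status, or -1 on refusal or failure. */
int run_fixed(char *const argv[]) {
    if (argv == NULL || argv[0] == NULL || argv[0][0] != '/')
        return -1;                  /* refuse anything that needs a PATH lookup */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(argv[0], argv, CLEAN_ENV);
        _exit(127);                 /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Hardened replacement: absolute path, so PATH is never consulted. */
int print_date_hardened(void) {
    char *const argv[] = { "/bin/date", NULL };  /* assumed location of date */
    return run_fixed(argv);
}

int main(void) {
    /* Constructed hostile setting; the directory name is the one in the post. */
    setenv("PATH", "/tmp/weirddirectory", 1);
    return print_date_hardened();
}
```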